IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

International Application No.: PCT/GB98/02881
International Filing Date: 24 September 1998
Title: A Data Encryption System for Internet Communication
Inventor: John Wolfgang HALPERN

Attorney Docket No: HALJW/102/PC/US

Box PCT 

Commissioner for Patents 
Washington, D.C. 20231 

Sir: 

PRELIMINARY AMENDMENT 

Applicant requests entry of the following preliminary amendment prior to 
calculation of the filing fee. Please amend the above-identified international 
application as follows: 
In the claims: 

Claim 3, line 2, delete "or 2". 

Claim 7, line 2, delete "or 6".

9. (Amended) An encryption and automatic key renewal system for confidential
e-mail as in [any of the preceding claims] claim 1, comprising:

(a) a stored key verification and key exchange module (1),

(b) a Pseudo Random Key Generator (2),

(c) a system of logic circuit elements and interconnections between them,

(d) a programmable counter (4),

(e) an open-ended shift register with parallel bit outputs (7),

(f) a pseudo-random Data Generator (11) for supplying surplus data bits,

(g) a one clock-pulse delay circuit which delays real data bits (incoming and
outgoing in affecting the machine state or algorithm status), and

(h) a serial buffer system (18) for accepting work station data and to pass
them to the algorithm in accordance with the instant state of the algorithm.

11. (Amended) An encryption and automatic key renewal system as [claimed in
any preceding] in claim 1, wherein said data to be encrypted is encrypted using a
variable word length encryption system, wherein the data output from the 
encryption system comprises random data bits and real data bits, said real data bits 
being transmitted at a randomly varying rate, according to the key being used by 
said e-mail station. 

15. (Amended) An encryption and automatic key renewal system for confidential 
e-mail as claimed in [any of claims] claim 1 [to 11, 13 or 14], wherein the
encryption process is determined by an algorithm embodied in a microelectronic 
chip and wherein this process is not rigidly predetermined but continually 
influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and 

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. 

Please add the following new claims: 

--18. An encryption and automatic key renewal system for confidential e-mail as
claimed in claim 13, wherein the encryption process is determined by an algorithm 
embodied in a microelectronic chip and wherein this process is not rigidly 
predetermined but continually influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and 

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. 

19. An encryption and automatic key renewal system for confidential e-mail as 
claimed in claim 14, wherein the encryption process is determined by an algorithm 
embodied in a microelectronic chip and wherein this process is not rigidly 
predetermined but continually influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. -- 

REMARKS 

The claims have been amended to eliminate any multiple claim dependencies. 
Please enter the preceding preliminary amendment prior to calculation of the 
filing fee. 

Respectfully submitted, 
John Wolfgang HALPERN

Guy^D^/^^ — 
Registratntin NoN^, 1 2b 
Alix, Yale & Ristas, LLP
Attorney for Applicant

Date: March 19, 2001 
750 Main Street 
Hartford, CT 06103-2721 
(860) 527-9211

CLEAN COPY OF AMENDED CLAIMS 3, 7, 9, 11, 15, AND NEW CLAIMS 18 AND 
19 APPLICATION NO.: PCT/GB98/02881 

3. An encryption and automatic key renewal system for confidential e-mail as in 
claim 1, comprising means for recognizing the legitimacy of a server station by a 
calling e-mail station, comprising 

(a) means for sending to the server station the address code associated with 
the e-mail station's encrypting key; 

(b) means for using the address to assist the server station in obtaining the 
calling station's encryption key; 

(c) the server station comprising equipment to encrypt the key encryption 
number with itself; 

(d) the server station also comprising means to send the encrypted key to 
the e-mail station; 

(e) the e-mail station comprising means for decrypting the received key, 
using its own key and placing the result into a comparator register, and means for 
determining if the compared numbers are equal for informing the server station 
accordingly. 

7. An encryption and automatic key renewal system for confidential e-mail as in 
claim 5, wherein the algorithms used for the encrypting process produce word-bit 
configurations consisting of more than 8 bits and less than 16 bits per word 
transmitted, and the bit number per word is continually changing. 

9. An encryption and automatic key renewal system for confidential e-mail as in
claim 1, comprising:

(a) a stored key verification and key exchange module (1), 

(b) a Pseudo Random Key Generator (2), 

(c) a system of logic circuit elements and interconnections between them, 

(d) a programmable counter (4), 

(e) an open-ended shift register with parallel bit outputs (7), 

(f) a pseudo-random Data Generator (11) for supplying surplus data bits,

(g) a one clock-pulse delay circuit which delays real data bits (incoming and
outgoing in affecting the machine state or algorithm status), and

(h) a serial buffer system (18) for accepting work station data and to pass 
them to the algorithm in accordance with the instant state of the algorithm. 

11. An encryption and automatic key renewal system as in claim 1, wherein said
data to be encrypted is encrypted using a variable word length encryption system,
wherein the data output from the encryption system comprises random data bits 
and real data bits, said real data bits being transmitted at a randomly varying rate, 
according to the key being used by said e-mail station. 

15. An encryption and automatic key renewal system for confidential e-mail as 
claimed in claim 1, wherein the encryption process is determined by an algorithm
embodied in a microelectronic chip and wherein this process is not rigidly 
predetermined but continually influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. 

18. An encryption and automatic key renewal system for confidential e-mail as 
claimed in claim 13, wherein the encryption process is determined by an algorithm 
embodied in a microelectronic chip and wherein this process is not rigidly 
predetermined but continually influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and 

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. 

19. An encryption and automatic key renewal system for confidential e-mail as 
claimed in claim 14, wherein the encryption process is determined by an algorithm 
embodied in a microelectronic chip and wherein this process is not rigidly 
predetermined but continually influenced and modified 

(a) by the parallel bit outputs of a revolving encryption key register, and 

(b) by some but not all the clear bits of the data inputted to the said 
algorithm circuit for encryption or outputted from the said algorithm circuit after 
decryption. 

A Data Encryption System
for Internet Communication 



There is a general consensus that serious use of the internet potential for
the needs of Commerce and Industry requires a 100% long-term effective
system for protecting privacy of the interchanges.

Several aspects apart from privacy would be important in making a choice of
the technique. It would have to be suitable for all digital transmissions,
irrespective of the coding employed. The same encryption system should be
workable for lettered, audible or visual messages. Also, the time of processing
the data should preferably not add more than 80% to the time for transmitting
the same data in the clear form. Furthermore, no time should be spent on looking
up directories for keys or other procedure rules.

EP-A-0738 058 discloses a system for the secure 
distribution of encryption keys using a key management device 
attached to each user's encryption machine, containing a list 
of secure communication partners and their respective 
encryption keys. If the desired addressee data is not found 
in the local data list, the device connects to a secure key 
distribution centre which is protected by encryption using 
the public key method. 

Kazue Tanaka et al.: "Key Distribution System for Mail
Systems using ID-Related Information Directory", Computers
and Security International Journal Devoted to the Study of
Technical and Financial Aspects of Computer Security, vol.
10, no. 1 (1991-02-01), pp. 25-33, ISSN 0167-4048, discloses
a key distribution system which uses a public directory, 
which contains each user's ID-related information. A sender 
generates a key and key information which depends on the 
receiver, and sends the key information along with the 
encrypted message. 

The objectives of this patent application follow from what has just been said:

o to create for owners of PC's certain supplementary components easily added
with the result of replacing registered and high-priority mail transmissions
by a less expensive and faster track protected against breach of confidentiality.

o to reduce the need for personal trustworthiness and to replace it by
trustworthiness of the provisions of the system.

o While the idea of "trusted third parties" is appropriate where Government
interests are directly involved, the many contingencies that arise when applied
to all communications would strain an already overburdened legal system. In
contradistinction, the here proposed method would save trustworthy server
stations from slipping into arbitrariness, favoritism and self-serving
bureaucracy. At the same time it would open a clear route for observers at
Government level to use their authority of sampling messages in the interest of
crime prevention and to do so even for longer periods if and when properly
authorized and reasoned for in exposes open for public inspection within

This paper will outline the technical 'platform' for accomplishing
the above sketched objectives, with the further provision that its service be
available to everyone at a relatively low extra cost over and above the cost of
using internet communication.

The said 'technical platform' constitutes a system resting on two main pillars,
namely

(a) an algorithm which generates variable wordlength data scrambling

(b) a hierarchic system of key distribution (e.g. a regulated method for ageing
and then eliminating keys)

In accordance with a first aspect, the present invention provides an
encryption and fully automatic key renewal system for confidential e-mail
communication, comprising at least two e-mail stations linked to a communication
system; the encryption and automatic key renewal system comprising:

a key generation centre (NKGC) for the generation of random keys for the
use of said at least two e-mail stations;

means for the periodic renewal of the keys used by said at least two e-mail
stations; and

means for scrambling or encrypting data to be transmitted, using said keys;
and

local server stations which store and update said random keys generated in
said key generation centre; characterised in that

said local server stations store said keys in a look-up table, each key being
associated with an address code and each address code having associated data
indicative of the age of said key at any time and to classify the age relative to
the age of other keys in use at any given time; and

each said server station including means adapted to issue, prior to each
confidential e-mail communication from said at least two e-mail stations, a new key
to the sending e-mail station, as the key to be used by said station for scrambling or
encrypting the data to be transmitted;

wherein said look-up table means stores a fixed number of encryption key
numbers conjointly with their respective access addresses in a shift register-like
memory structure wherein the said fixed group of key numbers and said addresses
can be moved at quasi randomly arranged times from a younger to an older position,
the youngest position serving as an entrance point for a new number supplied by the
said key generation centre, and the oldest number being relegated to an inactive and
reserved position outside the said fixed number or group of encryption keys.

In accordance with a second aspect, there is provided an encryption and
automatic encryption key renewal system for confidential e-mail communication,
comprising at least one e-mail station linked to a communication system; said
system comprising a pseudo-random data generator; characterised by a key
generation system and an encryption circuit, said key generation system
automatically providing said e-mail station with a new encryption key before each
e-mail communication, and wherein the output of said pseudo-random data
generator is mixed with the bit levels of outputs of said encryption circuit and with
clear bit levels of said input data, according to said key, so as to diffuse any pattern
such as may be recognised in the expanded data words.




In place of a lengthy explanation, we begin by referring to Figure 4 which
illustrates the idea of variable word length text transformation. It will be clear
that computerised scanning of the encrypted text will in this case have no
prospect of providing any clue.

Figure 5 shows a functional block diagram of the encryption/decryption hardware.
In early implementations, a 16 bit shift register was used (block SR) with simple
output to input connection. The encrypted output resulting from such an
arrangement showed a certain periodicity if the clear text consisted of the binary
representation of a single letter, for example the letter 'a' in unchanging repetition.
This revealed the potential for a certain weakness of the method unless steps are
taken to overcome this possible point of attack for a hacker. In present designs
we use a 31 bit shift register as the basis for a pseudo random data generator
wherein the periodicity is vastly (pattern recurrence only once every 2.14 billion
different combinations) reduced. In addition, further measures are taken to begin
each message with an undefined length of meaningless text. That text is not delivered
in clear by the algorithm. For the user it constitutes simply a few seconds waiting
time added to the setting up time. One method of achieving this will be
explained in conjunction with Figures 3, 4 and 8.

Returning to the description of Fig. 5, parallel outputs from the shift
register are connected to various logic elements under the heading LOGIC CONTROL.
This comprises for example, a programmable counter, several flip flops and bistables
and various gates. Some of the logic control elements are also exposed to inputs
of the logic levels of the real data, both outgoing or incoming. These data are
applied with a delay of one full clock pulse duration. This is done in the
squares named 'bit delay'. The encrypted text on line I2 is derived from an OR gate
into which alternately pass bit elements from the real data and from the Random
data generator RDG, respectively a, by real data modified, output from said
generator. Encrypted data received are descrambled by action of the Logic Control
group, in a single AND gate.

Figures 6 and 7 explain how it is possible to have 8-10 simultaneously valid
keys and how they are weighted in a number ageing process. Figure 8 shows a
functional block diagram of an LSI chip such as would be capable of carrying out data
encryption at a high clock rate suitable for any communication network and would
provide added security over and above the basic scheme of Figure 5.

Detailed Discussion of the Drawings



FIG. 1 shows two personal computers or communication work stations
using a fixed secret key, or using a program permitting one of the stations
to utilize the encryption key of the other.

FIG. 2 illustrates a situation where the official key employed within an
organisation is not normally used for the actual encryption/decryption of data.
If for example station A represents the word processor in a secretarial pool
of one company, and station B the processor office in another company, and
the message sender has a small computer in his office Ap wishing to send a
confidential message to a particular person having a computer Bp, then the procedure
would be as follows:

(a) The secretary at A will type into the word processor A a statement from
Mr. Ap in clear language and put it on disk.

(b) Next, the secretary agrees with Ap to display on the window of Ap the
text as written for approval or amendments.

(c) When approved, Ap will contact the secretary at A over the phone to prepare
internet connection with the communication of office at B.

(d) When communication is established, the secretary rings Ap to report 'ready'.

(e) The executive at Ap now types his private password ppw into his keyboard
thereby transmitting it to work station A where the instruction code tells the
computer to deduct (or add) the password number, or a multiple thereof, from the
encryption key of the organisation.

(f) Once this is done a green light informs the secretary that the clear text
derived from the disk is to be moved through the encryption algorithm and out into
the internet.

(g) The encrypted message is taken on disk at computer unit B. It cannot be
read by staff.

(h) When executive Bp returns to his office, he will find a light signal
indicating that he has a personal message. Accordingly, he will enter the agreed
password ppw on his computer keyboard together with the instruction of deducting
it from the common general key. After that, the decrypted message will appear on
the screen Bp.

It would be technically possible to provide the Managing Chief in each company
with an automatic printout of all personal messages, to enforce the sharing
of confidential information.

Since the encryption system here expounded is not primarily determined by
mathematical conversions, and therefore all numbers are equally suitable, it would
suffice if the executives concerned are told that they must have a six-digit ppw.
Knowledge of agreed passwords may therefore be limited to the parties themselves

FIG. 3 shows the structure of a Service Center SC for almost fully
automatic connection service to clients wishing to send messages required
to remain confidential. Fig. 3 shows again a workstation A in one locality
and another workstation in a remote locality but using the same equipment.
The central server station consists of two sections (A & B). These sections
comprise channel switching section sw, switch control sections LS^^ or LS;
two algorithmic sections virtually identical with those shown for example
in Fig. 8; in each section is also a key register for storing a key K
and a random text data holding register D^. Below is a computing section
COMP, and below that a memory of past transactions, M. The computer unit
COMP has a preferably direct link with a National Key Generator Center NKGC.
Where a direct link is not available, a switched connection with NKGC will
do because no clear data are passed through this link (see also Fig. 6).
The process prior to A sending a confidential message to B can be reported
in ten steps.

(1) Station A dials the local Service Center (SC) and immediately thereafter
dials also the number of the desired recipient B.

(2) Station A gets indication that connection is made.

(3) Prompted by (2), section A receives from station A the address code for
identifying the key held at present by station A (see address reg., Fig. 7).

(4) Section B of SC calls station B.

(5) Station B responds by sending its address in clear.

(6) Using the two address numbers from A and B, the SC looks up from a memory
table similar to that of Fig. 7 the at the time valid secret key numbers.
Section A of SC extracts the key nr. for station A, inserts it into the
algorithm (algo) thereby encrypting K^ by K^ and sends it to station A
for verification. Section B of SC proceeds likewise with station B.
(The table is stored in section COMP, and is periodically updated from
the national key generator centre, see Fig. 6.)

(7) A and B receive the encrypted keys K^- and K^' respectively, decrypt them
with their respective and keys, and if any station cannot verify
it sends to the respective section of SC a repeat request. If this also
fails, a 'failed' signal in clear goes to both stations.

(8) With both comparisons correct, the SC proceeds to obtain from its COMP
section an alternative key number. Section A encrypts with K^,
and section B encrypts with K^, and sends these numbers to stations A
and B respectively where they are decrypted and entered into their key
registers, substituting their earlier keys.

(9) Stations A and B send out K^' to the respective sections of SC
where they are compared to test equality.

At this point both stations would be ready to communicate. The time lapse
so far (after the initial dialling by station A) would be less than 4 seconds.
To improve security further a further step is adding a few seconds to the
setting up procedure:

(10) The Computer Resource Unit COMP supplies to the operative sections a
random number called where it is entered into a register connected
for generating through re-circulation a fairly large pseudo random
number. This number is continually passed through the algo sections
of SC, and the output is sent to stations A and B where they are decrypted
and continually passed through a comparator register being only a few
bits (5 - 12) long. Parallel outputs from this register are continually
compared with a similar number of selected parallel bit outputs
from the larger, in the opposite sense rotating, key register. Whenever
all the bit positions of the static bit comparator are at the strobing
moment equal, a pulse is released both in the stations A and B and in
the Server Center SC internally which stops the D^. bit generator and
establishes in the switching sections sw a direct connection between A and B.
It should be noted that the true time distance in terms of real data clock
pulses could not be determined by a hacker and therefore no conclusion
be drawn as to the number structure of the initial key in the key register
of the algorithm. This is because the variable word length encryption applies
also to the data stream transmission.
Figure 4 illustrates the nature of an encrypted message consisting as it
does of an initial phase of random data the length of which cannot be
externally detected, and a transmission phase consisting of a quasi-random
mixture of real data bits and random bits - all in a single undivided
string of bits giving no clue where one word begins or ends. There are thus
no reference points against which an analyst might be able to study the bit
sequences.
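
The mixing of real and surplus bits described for Figures 4 and 5 can be
followed in a small software model. The Python below is an added example, not
the applicant's circuit: the feedback taps, the counter-load rule and all
function names are assumptions, chosen only so that both ends stay in step.

```python
import secrets

MASK31 = (1 << 31) - 1


def step(state):
    """Advance the 31-bit shift register one clock (feedback taps assumed)."""
    feedback = ((state >> 30) ^ (state >> 27)) & 1
    return ((state << 1) | feedback) & MASK31


def reload(state, delayed_bit):
    """Load the programmable counter (1..8) from parallel register outputs,
    perturbed by the previous real data bit (the one-clock delay)."""
    return 1 + (((state >> 5) ^ (state >> 17) ^ (delayed_bit * 0b101)) & 0b111)


def bits_of(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def bytes_from(bits):
    """Bits back to bytes; an incomplete trailing word is dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )


def scramble(data, key, filler=secrets.randbits):
    """Sender: emit real bits, inserting one surplus bit at each counter carry."""
    state = (key & MASK31) or 1      # an all-zero register would never change
    delayed = 0
    counter = reload(state, delayed)
    stream = []
    for bit in bits_of(data):
        if counter == 0:             # carry: a meaningless bit goes on the line
            stream.append(filler(1))
            state = step(state)
            counter = reload(state, delayed)
        stream.append(bit)
        state = step(state)
        counter -= 1
        delayed = bit                # affects the next counter load only
    return stream


def descramble(stream, key):
    """Receiver: run the same register and counter, discard the surplus bits."""
    state = (key & MASK31) or 1
    delayed = 0
    counter = reload(state, delayed)
    real = []
    for bit in stream:
        if counter == 0:             # this position carries a surplus bit
            state = step(state)
            counter = reload(state, delayed)
            continue
        real.append(bit)
        state = step(state)
        counter -= 1
        delayed = bit
    return bytes_from(real)
```

In this model the real bits travel unmodified and only their positions depend
on the key and on earlier clear bits, so it illustrates the framing of the
bit stream rather than a cipher to deploy.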

Figure 5 has already been adequately dealt with on page 2 

FIGURE 6 explains the role of the NKGC (national key generator center).
In that Center the numbers with their address allocations, and also the
numbers are generated and the protocol for the transfer of these numbers
to head offices of various kind is observed. The management of the Center
would be limited to determining the optimum rate at which updates for new
numbers should be made. This would be set responsive to the performance of
the system as a whole as reported by supervisors. Performance reports from
head offices such as Bk (banks) or TR (transport organisations) or SC's
(service centers for confidential communications) would be studied by
supervisors and appropriate responses formulated. Management would have no access
to actual key numbers. When a station mal-performs, its encryption module is
detached and sent to the factory, and replaced by a factory-new one.

It is here suggested that both systemwise and with respect to the encryption
module IC, the here explained confidential message system may be used also in
bank transaction as also in remotely issued travel passes and routing
instructions.

FIGURE 7. This table surveys the position changes of a number which ranges
from a nascent phase to an active, semi-active, and finally abandoned phase.
The numbers are classified in terms of age. The active number range comprises
in this example five ageing positions, and so does the semi-active range of
numbers. If each column segment represents the time span of, say, one
week, it would take ten weeks for a number to travel from the nascent region
through the active and semi-active region, in order to exit into the for
normal use inaccessible abandoned region.

Once an address is allocated to a number, the two numbers remain associated
during their migration through said regions.
Both active and semi-active numbers are valid numbers, and are therefore
accepted by terminals and server stations for commencing a communication.
However, either right at the beginning or after completion of the
communication event, an older active number is substituted by a younger one, or
any semi-active number is substituted by any number from the active region.
If an internet station, or an IC card - through non-usage over a longer
period of time - has in its encryption algorithm a number which at the time
of re-use belongs to an abandoned number, it would be necessary to make
contact with certain supervisory organs which have at their disposal access
to a central register which keeps a record of numbers abandoned in the past.
Such organs would be allowed to make also additional checks before they
override the absence of a valid key number and bring the station or card
up to date again.
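
The ageing table of Figure 7 behaves like a fixed-length queue of
(address, key) pairs. The Python model below is an added example, not part of
the application; the class name, the counter used for address codes and the
64-bit key size are assumptions.

```python
import secrets
from collections import deque

ACTIVE_SLOTS = 5       # Figure 7 example: five active ageing positions
SEMI_ACTIVE_SLOTS = 5  # and five semi-active positions


class KeyAgeingTable:
    """Look-up table of (address code, key) pairs that age by shifting."""

    def __init__(self, new_key=lambda: secrets.randbits(64)):
        self._new_key = new_key   # stand-in for the key generation centre
        self._next_address = 1    # hypothetical address codes: a plain counter
        self.slots = deque()      # index 0 = youngest, last = oldest
        self.abandoned = {}       # reserved register outside the fixed group

    def shift_in(self):
        """One ageing step: a new key enters, the oldest is relegated."""
        address = self._next_address
        self._next_address += 1
        self.slots.appendleft((address, self._new_key()))
        if len(self.slots) > ACTIVE_SLOTS + SEMI_ACTIVE_SLOTS:
            old_address, old_key = self.slots.pop()
            self.abandoned[old_address] = old_key
        return address

    def _position(self, address):
        """Age position of an address inside the fixed group, or None."""
        for position, (addr, _key) in enumerate(self.slots):
            if addr == address:
                return position
        return None

    def classify(self, address):
        """Age class of the key that an address code refers to."""
        position = self._position(address)
        if position is None:
            return "abandoned" if address in self.abandoned else "unknown"
        return "active" if position < ACTIVE_SLOTS else "semi-active"

    def begin_session(self, address):
        """Accept a valid address and name the address of its replacement key.

        Returns (accepted, replacement_address). Active and semi-active keys
        are both accepted and the station is moved to the youngest key.
        Abandoned or unknown addresses are refused; they need the supervisory
        route described in the text.
        """
        if self._position(address) is None:
            return False, None
        return True, self.slots[0][0]
```

A station that stays silent for more than ten ageing steps presents an address
that classify() reports as "abandoned", which is the case the text refers to
the supervisory organs.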

FIGURE 8. This shows an example for the LSI chip circuit block diagram.
A chip of this type would be needed in an extension card for insertion
in one of the slots for extension functions, such as are common in
personal computers. The following are the main features of the Chip:

The four clock phases needed to operate the circuit may be either on
chip generated or supplied by the Computer (as fig. 8 indicates). The chip
would also be used in the Service Center. There is a STORED KEY
VERIFICATION AND KEY EXCHANGE MODULE (1). This group has four input lines (ROP,
CK2, En .' and password .) and two output lines. In connection with
internet operation there may be at least one more input from outside the chip,
namely when the output EN has to be delayed because of delays in getting
a connection completed or for whatever other reason. When the electric level
at EN changes this indicates that verification and key exchange are
satisfactorily completed, and, with everything else being ready the next phase
can begin. The ROP input to module 1 resets all internal bistables and
occurs when power is switched on or shortly afterwards. The d- input is
connected to the incoming signal line to enable the address reference for the
encryption key held, to be read out. This last mentioned detail is not shown
worked out in figure 8.

In practice, the circuit must satisfy the condition that external
communication of keys must take place only in the encrypted form. The input CK2
provides the proper clock phase for the key exchange functions. The
output K transfers to block 2 the new key before commencing the encryption and
decryption functions. All encrypted incoming line signals are decrypted by gate 16.
The pseudo random key generator rotates the shift register with every
CK3 clock pulse. The programmable counter 4 is advanced with every CK3 clock
pulse. The bistable 23 is reset with every CK2 clock pulse. The programmable
counter, after producing a carry output, is loaded with the parallel output
from the key generator at the time, that is between CK3 and the following CK2.
The incoming or outgoing real data bits also have an effect on the constellation
of the logic interconnections, block 3, in that the consecutive data bits are
fed with the delay of one complete clock cycle to block 3. From this arrangement
it follows that discovery of the clear text is not possible without the prior
knowledge of the clear text, making discovery superfluous. Text generated in
the PC is connected to a buffer register, or perhaps two such registers, via
the terminal d^. The buffer fills until a signal F (full) is fed back to the
computer. As the buffer clears due to passing on data to gate 14, the buffer
register is filled up again from an overflow register in the computer itself.

The job of the pseudo random data generator, block 11, is to provide
meaningless data bits to be fed to outlet 'd' via the gates 12 and 13 when c is high.
The gate 14 admits data from the buffer 17 only when c is high. As the bistable
outputs c and c are dependent on the rest of the algorithm, a quasi random
mixture of real and fake data is produced at the d output when in the sending
phase. When in the receiving phase, the scrambled mixture of real and random
data bits is descrambled by gate 16. The remaining real data in the gate 16
output are channeled in the very beginning before the actual message
transmission to gate 21 and to the d input to block 1 during the initial key checking
and exchanging phase. The output from 21 feeds into a short shift register 7
which has parallel outputs for each of the bits it holds. These are applied
to a static comparator 8 and compared bit by bit with an equal number of
outputs from the register of block 2. As both the registers are shifted on the rising
edge of CK3 but in opposite directions this has the effect of scanning and
testing the registers as to the chance of hitting a seven bit (or 5-bit, etc.)
combination where all the input bit comparisons are successful causing an output
pulse by the strobing clock CK4 on AND gate 9 to trigger bistable 10. As the
gate of 16b is enabled by Q, with the disappearance of this high level the flow
of encrypted nonsense data stops. A very similar arrangement in the Service
Center SC also causes the flow of these data to stop and to connect the station
A (Fig. 3) with station B directly via switch elements sw. From now on, encrypted
data are meaningful text from A to B. Station B will from that moment on
channel data received at d (Fig. 8) through gates 16 and 16a to the output
interface d^ on the PCB whose edge contactors are plugged into the appropriate
sockets inside the PC. When the workstation PC sends, an output SE is generated
which disables the gate 16a. The computer can also generate a signal along
chip input prfl (password line) to modify the encryption key as explained in
connection with the comment on Figure 2.

Finally, the question should be addressed whether the present encryption system
permits the communicating parties to engage in a dialogue. The answer is yes,
messages may be sent in both directions without pause and there is no limit to
the length of the message or of the dialogue.

Because of the nature of the encryption method which defies any form
of systematic factoring of the encrypted text, it is unlikely that a
freelance hacker can be a threat to the described system in spite of the fact
that the interchanges between the Client Computer (CC) and the Server
Station (SSt) contain one element, the address information, in the clear.
In a slightly better position are the expert engineers of the server stations
which may have an insight into the precise moment when within the encrypted
data flow various addresses are offered. In a very general way one may
admit the possibility of a problem that may then arise. An alternative scheme
would permit also the address code to be sent only in the encrypted form.
According to our proposal, the Client Computers of a local region would have
a special relationship with the Internet Secure Server station of that same
region (SSt). The Client Computer (CC, Fig. 9) would when contacting the
Server send to it its ID number. This number serves as an address in the
Server station's memory bank which would contain the very same data as the
Client station, namely
   a chip serial nr. and/or the date of inauguration of the client chip
   (from an unalterable ROM),
   the last entered encryption Key nr.,
   the last entered Preamble Delay nr. D^,
   and, in place of a revolving address code, an annual sequential entry
   serial nr.
Based on this information, the calling station may immediately begin with
sending its own data in encrypted form which the server station would place into
a comparator register, and if all these data are correct will automatically
issue a new key number and preamble random delay number and the next sequential
nr., in encrypted form using the old key, and the corresponding clear data are
then placed into the memory of the Client Computer station. Its operator is
requested to dial the distant station to which message material is to be
sent. The dial number would pass through the encryption algorithm and
therefore does not allow a third party to know which company or person will be
connected. The first part of the dial code will call up the distant Server
station (for example BBZ) and the number part will call up the particular CC,
say 1500. When the latter responds, it sends its own ID number to the distant
local Server station, and a similar comparison process as described above, is
initiated. If this verifies that the correct CC station has been contacted,
the new key (K^^) given to the calling station is now also given to the called
station. After this is verified, this is made known to the calling station,
and a display invites its operator to proceed sending the intended material
(text, drawings, voiced comment, etc).

The just described alternative logistics for a variable word length
data transmission system, would blend well into telephone and internet
based communication infra structures.

It is feasible that just one further step in this direction could be made
by integrating the envisaged function of secure Server Stations with the
location of telephone branch Exchanges (as indicated in Figure 10). This
would be economical in installation costs, and could work fully automatically
in the environment of an automatic switching system. This does not exclude
the computerized electronic equipment being housed in a separate
reinforced building. It would suffice to have that building in close
vicinity to the said telephone Exchange station.
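
The ID-number renewal exchange of the alternative scheme described above, as an added Python sketch that is not part of the application. The SHA-256 XOR keystream is a stand-in for the application's own algorithm, and the class names, 8-byte field widths and the client's plausibility check are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def stand_in_cipher(key: int, data: bytes, label: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream; the same call encrypts and decrypts.
    Stand-in only: the application's own algorithm is not reproduced here."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = key.to_bytes(8, "big") + label + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class Record:
    """The four values the text says both the CC and the SSt hold."""
    chip_serial: int  # from the unalterable ROM
    key_nr: int       # last entered encryption key nr.
    delay_nr: int     # last entered preamble delay nr.
    seq_nr: int       # sequential entry serial nr.

    def pack(self) -> bytes:
        fields = (self.chip_serial, self.key_nr, self.delay_nr, self.seq_nr)
        return b"".join(v.to_bytes(8, "big") for v in fields)

    @staticmethod
    def unpack(raw: bytes) -> "Record":
        return Record(*(int.from_bytes(raw[i:i + 8], "big") for i in range(0, 32, 8)))


class ServerStation:
    def __init__(self) -> None:
        self.memory_bank = {}  # CC ID number -> Record (the ID is the address)

    def renew(self, cc_id: int, encrypted: bytes) -> Optional[bytes]:
        stored = self.memory_bank.get(cc_id)
        if stored is None:
            return None
        claimed = stand_in_cipher(stored.key_nr, encrypted, b"cc->sst")
        # Comparator register: every field must match what the server holds.
        if not hmac.compare_digest(claimed, stored.pack()):
            return None
        new = Record(stored.chip_serial, secrets.randbits(64),
                     secrets.randbits(16), stored.seq_nr + 1)
        self.memory_bank[cc_id] = new
        # New values travel encrypted under the OLD key, as the text describes.
        return stand_in_cipher(stored.key_nr, new.pack(), b"sst->cc")


class ClientComputer:
    def __init__(self, cc_id: int, record: Record) -> None:
        self.cc_id = cc_id
        self.record = record

    def request(self):
        """ID number in clear, own data encrypted under the current key."""
        body = stand_in_cipher(self.record.key_nr, self.record.pack(), b"cc->sst")
        return self.cc_id, body

    def accept(self, reply: bytes) -> bool:
        new = Record.unpack(stand_in_cipher(self.record.key_nr, reply, b"sst->cc"))
        # Assumption (not in the text): reject a reply whose ROM serial or
        # sequence number is implausible, e.g. one encrypted under another key.
        if new.chip_serial != self.record.chip_serial or new.seq_nr != self.record.seq_nr + 1:
            return False
        self.record = new
        return True


def run_exchange():
    """Constructed sample values; CC number 1500 is the one used in the text."""
    enrolled = Record(chip_serial=0x5EED, key_nr=0x0123456789ABCDEF, delay_nr=7, seq_nr=1)
    server = ServerStation()
    server.memory_bank[1500] = enrolled
    client = ClientComputer(1500, enrolled)

    # A station with the right ID but the wrong key fails the comparator.
    impostor = ClientComputer(1500, Record(0x5EED, 0x1111, 7, 1))
    forged = server.renew(*impostor.request())

    cc_id, first_message = client.request()
    renewed = client.accept(server.renew(cc_id, first_message))

    # A recorded first message is rejected once the key has been renewed.
    replay = server.renew(cc_id, first_message)

    in_sync = client.record == server.memory_bank[1500]
    return renewed, replay, forged, in_sync


if __name__ == "__main__":
    print(run_exchange())
```

The replayed message is refused only because the stored key and sequential nr. have both moved on after the first successful renewal.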
CLAIMS

1. An encryption and fully automatic key renewal system
for confidential e-mail communication, comprising at
least two e-mail stations linked to a communication
system; the encryption and automatic key renewal system
comprising:

a key generation centre (NKGC) for the generation
of random keys for the use of said at least two e-mail
stations;

means for the periodic renewal of the keys used by
said at least two e-mail stations; and

means for scrambling or encrypting data to be
transmitted, using said keys; and

local server stations which store and update said
random keys generated in said key generation centre;

characterised in that

said local server stations store said keys in a
look-up table, each key being associated with an address
code and each address code having associated data
indicative of the age of said key at any time and to
classify the age relative to the age of other keys in
use at any given time; and

each said server station including means adapted to
issue, prior to each confidential e-mail communication
from said at least two e-mail stations, a new key to the
sending e-mail station, as the key to be used by said
station for scrambling or encrypting the data to be
transmitted;

wherein said look-up table means stores a fixed
number of encryption key numbers conjointly with their
respective access addresses in a shift register-like
memory structure wherein the said fixed group of key
numbers and said addresses can be moved at quasi
randomly arranged times from a younger to an older
position the youngest position serving as an entrance
point for a new number supplied by the said key
generation centre, and the oldest number being relegated
to an inactive and reserved position outside the said
fixed number or group of encryption keys.

2. An encryption and fully automatic key renewal
system as in claim 1, wherein the said at least two
e-mail stations have means for encrypting and decrypting
data including the key numbers themselves, comprising
means for executing a key number replacement routine
which accepts a new key number only on the basis of a
successful completion of the replacement routine, the
said routine being implemented prior to the transmission
of a new key from the said Key Generation Centre, the
said local Server Station (5), and the said e-mail
stations.



3. An encryption and automatic key renewal system for 
confidential e-mail as in claim 1 or 2, comprising means 
for recognising the legitimacy of a server station by a 
calling e-mail station, comprising 

(a) means for sending to the server station the 
address code associated with the e-mail station's 
encrypting key; 

(b) means for using the address to assist the 
server station in obtaining the calling station's 
encryption key; 

(c) the server station comprising equipment to 
encrypt the key encryption number with itself; 

(d) the server station also comprising means to 
send the encrypted key to the e-mail station; 

(e) the e-mail station comprising means for 
decrypting the received key, using its own key and 
placing the result into a comparator register, and means 
for determining if the compared numbers are equal for 
informing the server station accordingly. 



4. An encryption and automatic key renewal system for
confidential e-mail as in claim 3, wherein in the case
that the compared numbers are equal the server station
is programmed to obtain from its storage means an
alternative key number (K,,) from the currently stored
key numbers, and to encrypt that new number with the key
of the calling station, and wherein the latter is
programmed upon receipt of the encrypted new key to
decrypt said number and to place it into its key
register in substitution of the number it had before.

5. An encryption and automatic key renewal system for
confidential e-mail as in claim 3, wherein the server
station (SC) also acts as a switchboard for connecting
a calling station (A) to a requested receiving station
(B), and wherein the server station consists of a
computer section (COMP) and a twin structure which is
equipped with two sets of encryption algorithm (algo),
two sets of switching controls (LSA and LSB), and two
sets of buffer memories (K^) for holding key number,
address codes and other relevant flags as supplied by
the computer section (COMP).

6. An encryption and automatic key renewal system for
confidential e-mail as in claim 5, wherein the said
server station (SC) also contains a pseudo-random
generator register (D^.) in order to generate quasi-data
inputs of equal length simultaneously transmitted and
encrypted by the said alternative key number (K^) to the
communicating stations (A, B) in order thereby to shift
the starting conditions in the algorithms of the e-mail
units for the real text to an undetectable point.

7. An encryption and automatic key renewal system for
confidential e-mail as in claim 5 or 6, wherein the
algorithms used for the encrypting process produce
word-bit configurations consisting of more than 8 bits and
less than 16 bits per word transmitted, and the bit
number per word is continually changing.

8. An encryption and automatic key renewal system for
confidential e-mail as in claim 6, wherein the precise
point in time for switching the communicating stations
from the said initial meaningless random information is
functionally defined by comparing the data flow in two
registers, namely register (2) with that of register (7)
whereby the data shift is prompted by the same clock
phase (CK3) but occurs in opposite directions.

9. An encryption and automatic key renewal system for
confidential e-mail as in any of the preceding claims,
comprising

(a) a stored key verification and key exchange
module (1),

(b) a Pseudo Random Key Generator (2),

(c) a system of logic circuit elements and
interconnections between them

(d) a programmable counter (4)

(e) an open-ended shift register with parallel bit
outputs (7)

(f) a pseudo-random Data Generator (11) for
supplying surplus data bits

(g) a one clock-pulse delay circuit which delays
real data bits (incoming and outgoing in affecting the
state machine or algorithm status)

(h) a serial buffer system (18) for accepting work
station data and to pass them to the algorithm in
accordance with the instant state of the algorithm.

10. An encryption and automatic renewal system for
confidential e-mail as in claim 9, wherein the said
module (1) also contains mathematical processing means
for adding or deducting a password from the operative
key number in the key register of said module.



11. An encryption and automatic renewal system as 
claimed in any preceding claim, wherein said data to be 
encrypted is encrypted using a variable word length 
encryption system, wherein the data output from the 
encryption system comprises random data bits and real 
data bits, said real data bits being transmitted at a 
randomly varying rate, according to the key being used 
by said e-mail station. 

12. In an encryption and fully automatic key renewal 
system, a key replacement routine comprises the steps of 

in an automatic server station: receiving from a 
calling station a stored encryption key access address 
in clear text and in encrypted form the e-mail number of 
the party to be called, 

based on said access address, identifying the 
encryption key which had been allocated to the calling 
station for its preceding confidential e-mail 
communication, 

based on said identified key, the automatic server 
station encrypts the key by itself and adds a quasi 
random check number in encrypted form, and sends both to 
the calling station, 

the calling station compares the decrypted received
key with the one stored, and, if not identical, provides
an indication thereof,

the automatic server station receives from the
e-mail station the decrypted check number and compares it
with the check number used before encrypting it, and, if 
not the same, will not proceed, and if the same, will 
decrypt the access number of the called station, and 
execute the call repeating the verification steps 
carried out with the calling station. 

13. An encryption and automatic encryption key renewal
system for confidential e-mail communication, comprising
at least one e-mail station linked to a communication
system; said system comprising a pseudo-random data
generator; characterised by a key generation system and
an encryption circuit, said key generation system
automatically providing said e-mail station with a new
encryption key before each e-mail communication, and
wherein the output of said pseudo-random data generator
is mixed with the bit levels of outputs of said
encryption circuit and with clear bit levels of said
input data, according to said key, so as to diffuse any
pattern such as may be recognised in the expanded data
words.

14. An encryption and automatic key renewal system as
claimed in claim 13, wherein the operation of said 
encryption circuit is continually influenced and 
modified 

(a) by the parallel bit outputs of a revolving 
encryption key register, and 

(b) by the clear bits of the data inputted to the 
encryption circuit for encryption or outputted from the 
encryption circuit after decryption. 

15. An encryption and automatic key renewal system for
confidential e-mail as claimed in any of claims 1 to 11, 
13 or 14, wherein the encryption process is determined 
by an algorithm embodied in a microelectronic chip and 
wherein this process is not rigidly predetermined but 
continually influenced and modified 

(a) by the parallel bit outputs of a revolving 
encryption key register, and 

(b) by some but not all the clear bits of the data 
inputted to the said algorithm circuit for encryption or 
outputted from the said algorithm circuit after 
decryption. 

16. An encryption and automatic key renewal system for
confidential e-mail as characterised in claim 14,
wherein the functionality of the said microelectronic
chip circuit is further influenced and modified

(c) by the configuration of a password entered by
an operator at the sending and receiving stations in
order to ensure that the transmitted text, picture or
voice mail is faithfully reproduced only for those
persons who are intended to know it.

17. An encryption and automatic key renewal system for
confidential e-mail as in claim 15 wherein means for
carrying out the encryption process includes a memory
into which can be written only once, namely when a
specific e-mail station is inaugurated and associated
with a definite inauguration date, a definite serial
number, and a definite name and a definite server
station (SC), and wherein the said client computer (CC)
details are also held in memory by the local server
station (SSt) at an address number which is numerically
identical with the ID of the CC concerned.

An encryption and automatic key renewal system for confidential
E-Mail as characterized in Claim 13 and 14 wherein the
connections between certain of the parallel bit outputs of Key
Register (Shift Register, SR, Figure 5) and the Logic Circuit
(LC) are computer controlled and can thus be readily preset via
communicating parties thereby ensuring that their respective
algorithms operate in an unique synchronism.

1. An encryption and automatic key renewal system for confidential E-mail
comprising at least one E-mail station or internet computer linked to
a communication system

a national center for the generation of random keys for the use of said
stations,

means for the scrambling or encrypting of data in said stations,
means for the periodic renewal of keys controlling said scrambling means
and local server centers which store and update the said random keys
generated in said national center,

WHEREIN said keys shortly before they are delivered from the said
Center become associated with one of a limited number of address codes, and
WHEREIN the number of the week within a year or some other flag data
are attached to said address code that will readily permit the
evaluation of the age of said key at any time and to classify its age
relative to the age of other keys in use at a given time, and

WHEREIN FURTHER a server station when issuing the youngest number to
an internet station will delete the oldest number from its current list of
valid key numbers and utilise the former address code of that abandoned
key for associating it with the youngest key (Fig. 7).

2. An encryption and automatic key renewal system for confidential E-mail
as in CLAIM 1

WHEREIN the procedure for recognising the legitimacy of a Server Station
by a calling E-mail station is as follows:

(a) sending to the server station the address code attached to its own
encryption key

(b) the address must assist the server station in obtaining the calling
station's encryption key

(c) The Server station equipment encrypts that key number by itself

(d) the Server station sends the encrypted key to the E-mail station

(e) the E-mail station decrypts using its own key and places the result
into a comparator register

(f) If the compared numbers are equal, the E-mail equipment informs
the Server station accordingly (FIG. 7).

3. An encryption and automatic key renewal system for confidential E-mail
as in Claim 2, WHEREIN in the case of receiving the OK signal the Server
station is programmed to obtain from its computer section (COMP) an
alternative key number (K^) from the current valid list of key numbers,
and to encrypt that new number with the key of the calling station,
and wherein the latter is programmed upon receipt of the encrypted new
key to decrypt said number and to place it into its key register in
substitution of the number it had before.

4. An encryption and automatic key renewal system for confidential E-mail
as in Claim 3, WHEREIN the Server station (SC), Fig. 3, also acts as a
Switchboard for connecting a calling station (A) to a requested receiving
station (B), and WHEREIN the Server station consists of a twin structure
which is equipped with two sets of encryption algorithm (algo), two sets of
switching controls (LSA and LSB), and two sets of buffer memories (K )
for holding key number, address codes and other relevant flags as supplied
by the computer section COMP.

5. An encryption and automatic key renewal system for confidential E-mail
as in any preceding Claim

WHEREIN the said twin sections of the said Server Center equipment (SC)
also contains a pseudo-random generator register (D^) in order to
generate quasi-data inputs of equal length simultaneously transmitted and
encrypted by the said K number to the communicating stations (A,B) in order
thereby to shift the starting conditions in the algorithms of the E-mail
units for the real text (see Fig. 4) to an undetectable point.

6. An encryption and automatic key renewal system for confidential E-mail as
in claims 1-5 wherein the algorithms used for the encrypting process
produce word-bit configurations consisting of more than 8 bits and less
than 16 bits per word transmitted, and the bit number per word is
continually changing.

7. An encryption and automatic key renewal system for confidential E-mail
as in CLAIM 5, WHEREIN the precise point in time for switching the
communicating stations from the said initial meaningless random information
(being received but not in its decrypted form outputted) is functionally
defined by comparing the data flow in two registers, namely register 2
with that of register 7 whereby the data shift is prompted by the same
clock phase (CK3) but occurs in opposite directions.

8. An encryption and automatic key renewal system for confidential E-Mail
as in any of the preceding claims,

WHEREIN the main circuit groups of the integrated algorithm circuit (FIG. 8)
comprises

(a) a stored key verification and key exchange module (1)

(b) a Pseudo Random Key Generator (2)

(c) a system of logic circuit elements and interconnections between them

(d) a programmable counter (4)

(e) an open-ended shift register with parallel bit outputs (7)

(f) a pseudorandom Data Generator (11) for supplying surplus data bits

(g) a one clock-pulse delay circuit which delays real data bits (incoming
and outgoing in affecting the state machine or algorithm status)

(h) a serial buffer system 17 for accepting work station data and
to pass them to the algorithm in accordance with the instant state
of the algorithm.



9. An encryption and automatic renewal system for confidential E-Mail
as in Claim 8, wherein the said circuit block (1) also contains
mathematical processing means, for example for adding or deducting a Pass
Word from the operative Key number in the key register of said module.

10. An encryption and automatic key renewal system for confidential E-Mail
as in any of the aforegoing claims, and / or as shown and described
in the accompanying drawings and the Specification.

11. An encryption and automatic encryption key renewal system for
confidential E-Mail wherein the output of the said pseudo-random data
generator is mixed with the bit levels of other outputs of the encryption
circuit or with the clear bit levels of the data flow so as to diffuse
any pattern such as may be recognised in the expanded data words.

12. An encryption and automatic key renewal system for confidential E-Mail
wherein the basic functionality of the said algorithm circuit
is continually influenced and modified

(a) by the parallel bit outputs of a revolving encryption
key register

and (b) by the clear bits of the data inputted to the
algorithm circuit for encryption or outputted from the algorithm circuit
after decryption.

13. An encryption and automatic key renewal system for confidential
E-Mail essentially as characterised in Claim 1 wherein the functionality
of the encryption process is broadly determined by an, partly in
special hardware executed, algorithm and embodied in a microelectronic
chip and wherein this functionality is not rigidly predetermined
but continually influenced and modified

(a) by the parallel bit outputs of a revolving encryption
key register, and

(b) by some but not all the clear bits of the data
inputted to the said algorithm circuit for encryption or outputted
from the said algorithm circuit after decryption.

14. An encryption and automatic key renewal system for confidential E-Mail
as characterised in Claim 13 wherein the functionality of the said
microelectronic chip circuit is further influenced and modified

(c) by the configuration of a password entered by an
operator at the sending and receiving stations in order to ensure
that the transmitted text, picture, or voice mail is faithfully
reproduced only for those persons who are intended to know it.

15. An encryption and automatic key renewal system for confidential
E-Mail as in Claim 13 wherein the in hardware represented portion
of the encryption algorithm also contains memory into which can be
written only once, namely when a specific E-Mail station is inaugurated
and associated with a definite inauguration date, a definite serial
number, and a definite name and a definite Server Station (SSt), and
wherein the said Client Computer (CC) details are also held in
memory by the local Server Station (SSt) at an address number which is
numerically identical with the ID of the CC concerned.



[Drawing sheets 2/7, 3/7, 5/7 and 6/7 of application 09/787575; the drawings did not survive text extraction. Recoverable labels: "Computer Chip in Card"; "Transfer Interface Adaptor Circuit (contact or non-contact)"; Fig. 8 (LSI chip): Logic Interconnections; Stored Key Verification and Key Exchange Module; Pseudo Random Key Generator; Programmable Counter.]

WO 99/16199
09/787575
PCT/GB98/02881


Attorney Docket: HALJW/102/PC/US

0010/PTO, Rev. 6/95, U.S. Department of Commerce, Patent and Trademark Office

First Named Inventor: John Wolfgang Halpern

COMPLETE IF KNOWN
Application Number: 09/787,575
Filing Date: March 19, 2001
Group Art Unit:
Examiner Name:

Declaration Submitted with Initial Filing / Declaration Submitted after Initial Filing


As an above named inventor, I hereby declare that:

My residence, post office address, and citizenship are as stated below next to my name.

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint i;
listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled:

A Data Encryption System for Internet Communication
(Title of the Invention)

the specification of which
is attached hereto
OR
was filed on (MM/DD/YYYY) September 24, 1998 as United States Application or PCT international Application Number
PCT/GB98/02881 and was amended on (MM/DD/YYYY) March 19, 2001 (if applicable).

I hereby state that I have reviewed and understood the contents of the above-identified specification, including the claims, as amended by
any amendment specifically referred to above.

I acknowledge the duty to disclose information which is material to patentability as defined in Title 37 Codes of Federal Regulations, §1.56.
I hereby claim foreign priority under Title 35, United States Code § 119 (a)-(d) or § 365 (b) of any foreign application(s) for patent or
inventor's certificate, or § 365 (a) of any PCT international application which designated at least one country other than the United States of
America, listed below and have also identified below, by checking the box, any foreign application for patent or inventor's certificate, or of
any PCT international application having a filing date before that of the application on which priority is claimed.



Prior Foreign          Country          Foreign Filing Date     Priority Not     Copy Attached
Application Numbers                     (MM/DD/YYYY)            Claimed          (Yes / No)

9720478.8              Great Britain    September 25, 1997
9820824.2              Great Britain    September 24, 1998


Additional foreign application numbers are listed on a supplemental priority sheet attached hereto:

I hereby claim the benefit under Title 35, United States Code § 119 (e) of any United States provisional application(s) listed below:

Application Number(s)    Filing Date (MM/DD/YYYY)

Additional provisional application numbers are listed on a supplemental priority sheet attached hereto.

I hereby claim the benefit under Title 35, United States Code §120 of any United States application(s), or §365(c) of any PCT international
application designating the United States of America, listed below and, insofar as the subject matter of each of the claims of this application
is not disclosed in the prior United States or PCT International application in the manner provided by the first paragraph of Title 35 United
States Code §112, I acknowledge the duty to disclose information which is material to patentability as defined in Title 37, Title Code of
Federal Regulations §1.56 which became available between the filing date of the prior application and the national or PCT international filing
date of this application.

U.S. Parent Application Number    PCT Parent Number    Parent Filing Date (MM/DD/YYYY)    Parent Patent Number (if applicable)

Additional U.S. or PCT International application numbers are listed on a supplementary priority sheet attached hereto:

As a named inventor, I hereby appoint the registered practitioners associated with the Customer Number provided below to prosecute this
application and to transact all business in the Patent and Trademark Office therewith, and direct that all correspondence be addressed to
that Customer Number:



Alix, Yale & Ristas, LLP 



Customer Number: 



I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are
believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are
punishable by fine or imprisonment or both under Section 1001 of Title 18 of the United States Code and that such willful false statements
may jeopardize the validity of the application or any patent issued thereon.

POST OFFICE ADDRESS: 15 Jordan Court
Citizenship: United Kingdom
Ingram
Zip: BN3 5NU
Country: United Kingdom
Applicant Authority




